Access elements: Principal
Learn about the first access element that constitutes a request made to an AWS API.
We'll cover the following
When a request reaches an AWS API, the IAM service needs to allow or deny it. But before we dive into how it does that, let’s see what information it has.
A request represents that somebody(1) wants to do something(2) with something(3).
Let’s see what each of these 3 parts mean.
The first one is the Principal. It is the user, the role, the AWS service, or some special entity that sends the request.
The second part is the Action. It defines what the Principal wants to do, such as reading an object or creating a new Lambda function.
The third is the Resource. It is the logical entity in the account that is the subject of the request. For example, the specific S3 bucket to delete, or the EC2 instance to launch.
Get hands-on with 1400+ tech skills courses.